check if the extension decoded to internal openssl repr ...and if not, raise an error (plus consume the error stack)

commit: a08693f3a71a6537da9cfa7d9dda7781aef2bcdd [log] [tgz]
author: Paul Kehrer <paul.l.kehrer@gmail.com> Sat Aug 01 20:45:21 2015 +0100
committer: Paul Kehrer <paul.l.kehrer@gmail.com> Sat Aug 01 20:45:21 2015 +0100
tree: 0c54f65a4f9008381f8187e2c2649c82d7ee5485
parent: 0f984369c0f58f0d5db5cb1a6927b550afc89027 [diff] [blame]
diff --git a/tests/test_x509_ext.py b/tests/test_x509_ext.py
index 7b13582..2980808 100644
--- a/tests/test_x509_ext.py
+++ b/tests/test_x509_ext.py

@@ -2853,3 +2853,18 @@
             x509.OID_INHIBIT_ANY_POLICY
         ).value
         assert iap.skip_certs == 5
+
+
+@pytest.mark.requires_backend_interface(interface=RSABackend)
+@pytest.mark.requires_backend_interface(interface=X509Backend)
+class TestCorruptExtension(object):
+    def test_invalid_certificate_policies_data(self, backend):
+        cert = _load_cert(
+            os.path.join(
+                "x509", "custom", "cp_invalid.pem"
+            ),
+            x509.load_pem_x509_certificate,
+            backend
+        )
+        with pytest.raises(ValueError):
+            cert.extensions
commit	a08693f3a71a6537da9cfa7d9dda7781aef2bcdd	[log] [tgz]
author	Paul Kehrer <paul.l.kehrer@gmail.com>	Sat Aug 01 20:45:21 2015 +0100
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	Sat Aug 01 20:45:21 2015 +0100
tree	0c54f65a4f9008381f8187e2c2649c82d7ee5485
parent	0f984369c0f58f0d5db5cb1a6927b550afc89027 [diff] [blame]